A proactive cybersecurity plan is your best bet for surviving an attack
Even before the pandemic arrived and forced companies to overhaul their business practices overnight, cybersecurity professionals discovered that we were witnessing a crime wave. The proliferation of remote work, which dispersed our employees along with our workstations and networks, has markedly accelerated it.
You have no time to lose—the sooner you strengthen your cybersecurity position the better off you’ll be when you’re attacked.
Here’s how to begin that process.
1. Raise your team’s awareness by creating an Incident Response Plan.
Your employees are your first line of defense—you need to give them a toolbox of training and information. Cyberattacks frequently occur because someone clicks a bad link, and each employee can be trained to recognize characteristics of those links. I am intimately aware of that because we have been conducting Incident Response Planning workshops for many years and I’ve seen that every organization’s workforce can be taught to be scrupulous—trained to recognize when something looks suspicious before they click it and invite malicious code into the network.
2. Make certain that your cybersecurity technology is up-to-date.
When we talk about “next generation” firewall services, antivirus protection, content filtering, endpoint protection, etc. we’re not just referencing buzzwords. Bad actors worldwide are getting smarter all the time, so you need to be sure that your technology is smarter than they are. You want your antivirus software to be able to recognize a piece of bad code and extract it from the network or disable whatever application it’s attached to. And you want the endpoint protection that’s installed on all of your organization’s workstations to be able to catch that malicious code if it does sneak through the network. Quest offers a suite of technology services that can ensure your business is thoroughly protected.
3. Backup critical data and keep it secure.
The best defense against cyberattack begins with a backup. When a company’s technology fails to stop malware or a ransomware attack and I get a frantic phone call, the very first question I ask is, “do you have a backup of your critical data?” It’s alarming how many people do not. This is the most important tool for the response to a security incident. Make sure you have good data from which you can restore. This is a fairly simple process and it’s explained in Quest’s Business Continuity Planning Workshop.
4. Catalog your critical software and maintain a repository.
This is not a technical issue; it is an administrative issue that can profoundly impact your technology and your business. So it’s very important to inventory your software, services, and third-party contracts. These are things that people don’t always think of as security issues, but if you experience the kind of security incidents we’re seeing now, such as being hit with a ransomware attack where all of your data becomes encrypted, you will have to pay unless you can recover. A well-cataloged and secure repository or library of software can save you from this nightmare.
5. Locate and secure your installation keys.
When you purchased the software that’s running on your network and all of your machines, you were given a license that included an installation key. In order to run the software or application, you had to punch in that key to activate the code. If you don’t have that key during the recovery process following a cyberattack, you’re tanked. You might find yourself on the phone with six or 10 engineers waiting for one of them to find his or her license key. So now you’re spending $1,000 an hour trying to figure out how to get your technology running and get back in business. I run into this issue quite a lot, including as recently as last week.
6. Prevent undue stress by having a plan.
I receive these distress calls many times a month, but most of my customers, if they’re lucky, will see a debilitating security event only once in their lifetime. These are capable people but they’re not in the incident response business. When the event takes place, they’re scared, frustrated, and angry because somebody has threatened their business. It’s an extremely stressful experience, and people are forced to make decisions under duress. They’ve had a ransomware attack, and somebody is asking for $1.2 million, and the boss is saying, “I need to get back in business.” Too often, this person may spend hours or even days trying to take care of the problem by themselves. Again, I would like everybody to have a plan in place so none of this has to happen. If it does, please call me so I can have our Incident Response Team help. Sometimes your best defense against catastrophe is a phone number.
7. Talk to your lawyer.
Depending on where you operate your business and the type of information that gets compromised during a security event, you likely have some fiduciary responsibilities to notify clients. If you are the custodian of their data and there’s a possibility that the data has leaked, you may be under a variety of legal obligations such as the California Consumer Privacy Act (CCPA) and General Data Protection Regulation (GDPR). When responding to a security incident, I need to know if you have consulted with your inside counsel or attorney to discuss these obligations. We can also consult about a variety of ways to control the expenses attached to these compliancy requirements.
Thank you for trusting us to help with your cybersecurity needs.
Contact us any time—we’re always happy to help.
Jon
